package com.salon.modules.sys.controller;

import com.salon.common.annotation.SysLog;
import com.salon.common.http.response.ObjectResult;
import com.salon.common.http.response.PageResult;
import com.salon.common.http.response.ResultCode;
import com.salon.common.utils.Constant;
import com.salon.common.validator.ValidatorUtils;
import com.salon.common.validator.group.AddGroup;
import com.salon.common.validator.group.UpdateGroup;
import com.salon.modules.sys.entity.SysUserEntity;
import com.salon.modules.sys.form.PasswordForm;
import com.salon.modules.sys.service.ISysUserRoleService;
import com.salon.modules.sys.service.ISysUserService;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.annotations.ApiIgnore;

/**
 * 系统用户
 */
@RestController
@RequestMapping("/sys/user")
@Api(tags="用户管理")
public class SysUserController extends BaseController {

    @Resource
    private ISysUserService sysUserService;

    @Resource
    private ISysUserRoleService sysUserRoleService;

    @GetMapping("/list")
    @ApiOperation("分页")
    @RequiresPermissions("sys:user:select")
    public PageResult<SysUserEntity> list(@ApiIgnore @RequestParam Map<String, Object> params) {
        // 只有超级管理员，才能查看所有管理员列表
        if (getUserId() != Constant.SUPER_ADMIN) {
            params.put("createUserId", getUserId());
        }
        return sysUserService.listByPage(params);
    }

    @SysLog("修改密码")
    @ApiOperation("修改密码")
    @PostMapping("/password")
    public ObjectResult<String> password(@RequestBody PasswordForm form) {
        if(StringUtils.isBlank(form.getNewPassword())) {
            return ObjectResult.failed(ResultCode.FAIL, "新密码不为能空");
        }
        //sha256加密
        String password = new Sha256Hash(form.getPassword(), getUser().getSalt()).toHex();
        //sha256加密
        String newPassword = new Sha256Hash(form.getNewPassword(), getUser().getSalt()).toHex();
        //更新密码
        boolean flag = sysUserService.updatePassword(getUserId(), password, newPassword);
        if (!flag) {
            return ObjectResult.failed(ResultCode.FAIL, "原密码不正确");
        }
        return ObjectResult.success();
    }

    @GetMapping("/info/{userId}")
    @ApiOperation("详情")
    @RequiresPermissions("sys:user:select")
    public ObjectResult<SysUserEntity> info(@PathVariable("userId") Long userId) {
        // 获取用户信息
        SysUserEntity user = sysUserService.getById(userId);
        // 获取用户所属的角色列表
        List<Long> roleIdList = sysUserRoleService.listRoleIdByUserId(userId);
        user.setRoleIdList(roleIdList);
        return ObjectResult.success(user);
    }

    @SysLog("保存用户")
    @PostMapping("/save")
    @ApiOperation("保存")
    @RequiresPermissions("sys:user:save")
    public ObjectResult<String> save(@RequestBody SysUserEntity user) {
        ValidatorUtils.validateEntity(user, AddGroup.class);
        user.setCreateUserId(getUserId());
        sysUserService.saveUser(user);
        return ObjectResult.success();
    }

    @SysLog("修改用户")
    @PostMapping("/update")
    @ApiOperation("修改")
    @RequiresPermissions("sys:user:update")
    public ObjectResult<String> update(@RequestBody SysUserEntity user) {
        ValidatorUtils.validateEntity(user, UpdateGroup.class);
        user.setCreateUserId(getUserId());
        sysUserService.update(user);
        return ObjectResult.success();
    }

    @SysLog("删除用户")
    @PostMapping("/delete")
    @ApiOperation("删除")
    @RequiresPermissions("sys:user:delete")
    public ObjectResult<String> delete(@RequestBody Long[] userIds) {
        if (ArrayUtils.contains(userIds, 1L)) {
            return ObjectResult.failed(ResultCode.FAIL,"系统管理员不能删除");
        }
        if (ArrayUtils.contains(userIds, getUserId())) {
            return ObjectResult.failed(ResultCode.FAIL,"当前用户不能删除");
        }
        sysUserService.deleteBatch(userIds);
        return ObjectResult.success();
    }

}
